﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Configuration;
using System.Data.SqlClient;
using System.Data.Sql;
using RestaurantManagerWebApp.Class;


namespace RestaurantManagerWebApp.Pages.UserManagement
{
    public partial class RolesAllocation : System.Web.UI.Page
    {
        string connection = System.Configuration.ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
        protected void Page_Load(object sender, EventArgs e)
        {


            if (!IsPostBack)
            {
                Tab1.CssClass = "Clicked";
                MainView.ActiveViewIndex = 0;
            }
        }

        protected void Tab1_Click(object sender, EventArgs e)
        {
            Tab1.CssClass = "Clicked";
            Tab2.CssClass = "Initial";
            MainView.ActiveViewIndex = 0;
        }

        protected void Tab2_Click(object sender, EventArgs e)
        {
            Tab1.CssClass = "Initial";
            Tab2.CssClass = "Clicked";
            MainView.ActiveViewIndex = 1;
        }

        protected void lblInsertRole_Click(object sender, EventArgs e)
        {
            SqlConnection conn = new SqlConnection(connection);
            conn.Open();
            string roleName = txtRoleName.Text;
            SqlDataReader dr = CheckDupRoleName(conn, roleName);
            if (dr.HasRows)
            {
                Response.Write("<script type=\"text/javascript\">alert('Duplicate Role Name! Please indicate another Role Name!');</script>");
            }
            else
            {
                dr.Close();
                InsertRole(conn, roleName);
                InsertRoleAuthorization(conn, roleName);

                if (CheckBoxList1.Items[0].Selected == false)
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Connection = conn;
                    cmd.CommandText = "UPDATE [Authorization] SET EmployeeManagement=@empMan WHERE role=@roleName";
                    cmd.Parameters.AddWithValue("@roleName", roleName);
                    cmd.Parameters.AddWithValue("@empMan", "deny");
                    cmd.ExecuteNonQuery();
                }

                if (CheckBoxList1.Items[1].Selected == false)
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Connection = conn;
                    cmd.CommandText = "UPDATE [Authorization] SET StockManagement=@stock WHERE role=@roleName";
                    cmd.Parameters.AddWithValue("@roleName", roleName);
                    cmd.Parameters.AddWithValue("@stock", "deny");
                    cmd.ExecuteNonQuery();
                }

                if (CheckBoxList1.Items[2].Selected == false)
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Connection = conn;
                    cmd.CommandText = "UPDATE [Authorization] SET TableManagement_back=@tableBack WHERE role=@roleName";
                    cmd.Parameters.AddWithValue("@roleName", roleName);
                    cmd.Parameters.AddWithValue("@tableBack", "deny");
                    cmd.ExecuteNonQuery();
                }

                if (CheckBoxList1.Items[3].Selected == false)
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Connection = conn;
                    cmd.CommandText = "UPDATE [Authorization] SET TableManagement_front=@tableFront WHERE role=@roleName";
                    cmd.Parameters.AddWithValue("@roleName", roleName);
                    cmd.Parameters.AddWithValue("@tableFront", "deny");
                    cmd.ExecuteNonQuery();
                }

                if (CheckBoxList1.Items[4].Selected == false)
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Connection = conn;
                    cmd.CommandText = "UPDATE [Authorization] SET OrderManagement_front=@orderFront WHERE role=@roleName";
                    cmd.Parameters.AddWithValue("@roleName", roleName);
                    cmd.Parameters.AddWithValue("@orderFront", "deny");
                    cmd.ExecuteNonQuery();
                }

                if (CheckBoxList1.Items[5].Selected == false)
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Connection = conn;
                    cmd.CommandText = "UPDATE [Authorization] SET OrderManagement_back=@orderBack WHERE role=@roleName";
                    cmd.Parameters.AddWithValue("@roleName", roleName);
                    cmd.Parameters.AddWithValue("@orderBack", "deny");
                    cmd.ExecuteNonQuery();
                }

                if (CheckBoxList1.Items[6].Selected == false)
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Connection = conn;
                    cmd.CommandText = "UPDATE [Authorization] SET MenuManagement=@menu WHERE role=@roleName";
                    cmd.Parameters.AddWithValue("@roleName", roleName);
                    cmd.Parameters.AddWithValue("@menu", "deny");
                    cmd.ExecuteNonQuery();
                }

                if (CheckBoxList1.Items[7].Selected == false)
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Connection = conn;
                    cmd.CommandText = "UPDATE [Authorization] SET Reporting=@report WHERE role=@roleName";
                    cmd.Parameters.AddWithValue("@roleName", roleName);
                    cmd.Parameters.AddWithValue("@report", "deny");
                    cmd.ExecuteNonQuery();
                }

                Response.Write("<script type=\"text/javascript\">alert('Role Successfully Created!!');</script>");
                ClearForm();
            }

            conn.Close();

            
        }

        private static SqlDataReader CheckDupRoleName(SqlConnection conn, string roleName)
        {
            string cmpRoleName = "Select role from Roles where role=@roleName";
            SqlCommand checkU = new SqlCommand(cmpRoleName, conn);
            checkU.Parameters.AddWithValue("@roleName", roleName);
            SqlDataReader dr = checkU.ExecuteReader();
            return dr;
        }

        private static void InsertRoleAuthorization(SqlConnection conn, string roleName)
        {
            SqlCommand cmd = new SqlCommand();
            cmd.Connection = conn;
            cmd.CommandText = "INSERT INTO [Authorization] (role,EmployeeManagement,TableManagement_front,OrderManagement_front,TableManagement_back,OrderManagement_back,StockManagement,MenuManagement,Reporting) VALUES (@roleName,@empMan,@tableFront,@OrderFront,@tableBack,@OrderBack,@stock,@menu,@report)";
            cmd.Parameters.AddWithValue("@roleName", roleName);
            cmd.Parameters.AddWithValue("@empMan", "allow");
            cmd.Parameters.AddWithValue("@tableFront", "allow");
            cmd.Parameters.AddWithValue("@tableBack", "allow");
            cmd.Parameters.AddWithValue("@menu", "allow");
            cmd.Parameters.AddWithValue("@report", "allow");
            cmd.Parameters.AddWithValue("@orderFront", "allow");
            cmd.Parameters.AddWithValue("@orderBack", "allow");
            cmd.Parameters.AddWithValue("@stock", "allow");
            cmd.ExecuteNonQuery();
        }

        private static void UpdateRoleAuthorization(SqlConnection conn, string roleName)
        {
            SqlCommand cmd = new SqlCommand();
            cmd.Connection = conn;
            cmd.CommandText = "UPDATE [Authorization] SET EmployeeManagement=@empMan,TableManagement_front=@tableFront,OrderManagement_front=@orderFront,TableManagement_back=@tableBack,OrderManagement_back=@orderBack,StockManagement=@stock,MenuManagement@menu,Reporting=@report where role=@roleName";
            cmd.Parameters.AddWithValue("@roleName", roleName);
            cmd.Parameters.AddWithValue("@empMan", "allow");
            cmd.Parameters.AddWithValue("@tableFront", "allow");
            cmd.Parameters.AddWithValue("@tableBack", "allow");
            cmd.Parameters.AddWithValue("@menu", "allow");
            cmd.Parameters.AddWithValue("@report", "allow");
            cmd.Parameters.AddWithValue("@orderFront", "allow");
            cmd.Parameters.AddWithValue("@orderBack", "allow");
            cmd.Parameters.AddWithValue("@stock", "allow");
            cmd.ExecuteNonQuery();
        }


        private static void InsertRole(SqlConnection conn, string roleName)
        {
            SqlCommand cmd = new SqlCommand();
            cmd.Connection = conn;
            cmd.CommandText = "INSERT INTO Roles (role) VALUES (@roleName)";
            cmd.Parameters.AddWithValue("@roleName", roleName);
            cmd.ExecuteNonQuery();
        }

        private void ClearForm()
        {
            foreach (ListItem li in CheckBoxList1.Items)
            {
                if (li.Selected)
                {
                    li.Selected = false;
                }
            }
            txtRoleName.Text = "";
        }

        protected void lblCancel_Click(object sender, EventArgs e)
        {
            ClearForm();
        }

        protected void GridView1_SelectedIndexChanged(object sender, EventArgs e)
        {
            
            GridViewRow row = GridView1.SelectedRow;
            txtnewRole.Text = row.Cells[0].Text;

            if (row.Cells[1].Text == "allow")
            {
                CheckBoxList2.Items[0].Selected = true;
            }
            else
            {
                CheckBoxList2.Items[0].Selected = false;
            }

            if (row.Cells[2].Text == "allow")
            {
                CheckBoxList2.Items[3].Selected = true;
            }
            else
            {
                CheckBoxList2.Items[3].Selected = false;
            }

            if (row.Cells[3].Text == "allow")
            {
                CheckBoxList2.Items[4].Selected = true;
            }
            else
            {
                CheckBoxList2.Items[4].Selected = false;
            }

            if (row.Cells[4].Text == "allow")
            {
                CheckBoxList2.Items[2].Selected = true;
            }
            else
            {
                CheckBoxList2.Items[2].Selected = false;
            }
            if (row.Cells[5].Text == "allow")
            {
                CheckBoxList2.Items[5].Selected = true;
            }
            else
            {
                CheckBoxList2.Items[5].Selected = false;
            }

            if (row.Cells[6].Text == "allow")
            {
                CheckBoxList2.Items[1].Selected = true;
            }
            else
            {
                CheckBoxList2.Items[1].Selected = false;
            }

            if (row.Cells[7].Text == "allow")
            {
                CheckBoxList2.Items[6].Selected = true;
            }
            else
            {
                CheckBoxList2.Items[6].Selected = false;
            }

            if (row.Cells[8].Text == "allow")
            {
                CheckBoxList2.Items[7].Selected = true;
            }
            else
            {
                CheckBoxList2.Items[7].Selected = false;
            }
           
        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            SqlConnection conn = new SqlConnection(connection);
            conn.Open();
            string roleName = txtRoleName.Text;

            if (roleName == GridView1.SelectedRow.Cells[0].Text)
            {
                UpdateRoleAuthorization(conn, roleName);
                if (CheckBoxList2.Items[0].Selected == false)
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Connection = conn;
                    cmd.CommandText = "UPDATE [Authorization] SET EmployeeManagement=@empMan WHERE role=@roleName";
                    cmd.Parameters.AddWithValue("@roleName", roleName);
                    cmd.Parameters.AddWithValue("@empMan", "deny");
                    cmd.ExecuteNonQuery();
                }

                if (CheckBoxList2.Items[1].Selected == false)
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Connection = conn;
                    cmd.CommandText = "UPDATE [Authorization] SET StockManagement=@stock WHERE role=@roleName";
                    cmd.Parameters.AddWithValue("@roleName", roleName);
                    cmd.Parameters.AddWithValue("@stock", "deny");
                    cmd.ExecuteNonQuery();
                }

                if (CheckBoxList2.Items[2].Selected == false)
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Connection = conn;
                    cmd.CommandText = "UPDATE [Authorization] SET TableManagement_back=@tableBack WHERE role=@roleName";
                    cmd.Parameters.AddWithValue("@roleName", roleName);
                    cmd.Parameters.AddWithValue("@tableBack", "deny");
                    cmd.ExecuteNonQuery();
                }

                if (CheckBoxList2.Items[3].Selected == false)
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Connection = conn;
                    cmd.CommandText = "UPDATE [Authorization] SET TableManagement_front=@tableFront WHERE role=@roleName";
                    cmd.Parameters.AddWithValue("@roleName", roleName);
                    cmd.Parameters.AddWithValue("@tableFront", "deny");
                    cmd.ExecuteNonQuery();
                }

                if (CheckBoxList2.Items[4].Selected == false)
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Connection = conn;
                    cmd.CommandText = "UPDATE [Authorization] SET OrderManagement_front=@orderFront WHERE role=@roleName";
                    cmd.Parameters.AddWithValue("@roleName", roleName);
                    cmd.Parameters.AddWithValue("@orderFront", "deny");
                    cmd.ExecuteNonQuery();
                }

                if (CheckBoxList2.Items[5].Selected == false)
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Connection = conn;
                    cmd.CommandText = "UPDATE [Authorization] SET OrderManagement_back=@orderBack WHERE role=@roleName";
                    cmd.Parameters.AddWithValue("@roleName", roleName);
                    cmd.Parameters.AddWithValue("@orderBack", "deny");
                    cmd.ExecuteNonQuery();
                }

                if (CheckBoxList2.Items[6].Selected == false)
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Connection = conn;
                    cmd.CommandText = "UPDATE [Authorization] SET MenuManagement=@menu WHERE role=@roleName";
                    cmd.Parameters.AddWithValue("@roleName", roleName);
                    cmd.Parameters.AddWithValue("@menu", "deny");
                    cmd.ExecuteNonQuery();
                }

                if (CheckBoxList2.Items[7].Selected == false)
                {
                    SqlCommand cmd = new SqlCommand();
                    cmd.Connection = conn;
                    cmd.CommandText = "UPDATE [Authorization] SET Reporting=@report WHERE role=@roleName";
                    cmd.Parameters.AddWithValue("@roleName", roleName);
                    cmd.Parameters.AddWithValue("@report", "deny");
                    cmd.ExecuteNonQuery();
                }
            }
            else
            {

                SqlDataReader dr = CheckDupRoleName(conn, roleName);
                if (dr.HasRows)
                {
                    Response.Write("<script type=\"text/javascript\">alert('Duplicate Role Name! Please indicate another Role Name!');</script>");
                }
                else
                {
                    dr.Close();
                    InsertRole(conn, roleName);
                    InsertRoleAuthorization(conn, roleName);

                    if (CheckBoxList2.Items[0].Selected == false)
                    {
                        SqlCommand cmd = new SqlCommand();
                        cmd.Connection = conn;
                        cmd.CommandText = "UPDATE [Authorization] SET EmployeeManagement=@empMan WHERE role=@roleName";
                        cmd.Parameters.AddWithValue("@roleName", roleName);
                        cmd.Parameters.AddWithValue("@empMan", "deny");
                        cmd.ExecuteNonQuery();
                    }

                    if (CheckBoxList2.Items[1].Selected == false)
                    {
                        SqlCommand cmd = new SqlCommand();
                        cmd.Connection = conn;
                        cmd.CommandText = "UPDATE [Authorization] SET StockManagement=@stock WHERE role=@roleName";
                        cmd.Parameters.AddWithValue("@roleName", roleName);
                        cmd.Parameters.AddWithValue("@stock", "deny");
                        cmd.ExecuteNonQuery();
                    }

                    if (CheckBoxList2.Items[2].Selected == false)
                    {
                        SqlCommand cmd = new SqlCommand();
                        cmd.Connection = conn;
                        cmd.CommandText = "UPDATE [Authorization] SET TableManagement_back=@tableBack WHERE role=@roleName";
                        cmd.Parameters.AddWithValue("@roleName", roleName);
                        cmd.Parameters.AddWithValue("@tableBack", "deny");
                        cmd.ExecuteNonQuery();
                    }

                    if (CheckBoxList2.Items[3].Selected == false)
                    {
                        SqlCommand cmd = new SqlCommand();
                        cmd.Connection = conn;
                        cmd.CommandText = "UPDATE [Authorization] SET TableManagement_front=@tableFront WHERE role=@roleName";
                        cmd.Parameters.AddWithValue("@roleName", roleName);
                        cmd.Parameters.AddWithValue("@tableFront", "deny");
                        cmd.ExecuteNonQuery();
                    }
                    
                    if (CheckBoxList2.Items[4].Selected == false)
                    {
                        SqlCommand cmd = new SqlCommand();
                        cmd.Connection = conn;
                        cmd.CommandText = "UPDATE [Authorization] SET OrderManagement_front=@orderFront WHERE role=@roleName";
                        cmd.Parameters.AddWithValue("@roleName", roleName);
                        cmd.Parameters.AddWithValue("@orderFront", "deny");
                        cmd.ExecuteNonQuery();
                    }

                    if (CheckBoxList2.Items[5].Selected == false)
                    {
                        SqlCommand cmd = new SqlCommand();
                        cmd.Connection = conn;
                        cmd.CommandText = "UPDATE [Authorization] SET OrderManagement_back=@orderBack WHERE role=@roleName";
                        cmd.Parameters.AddWithValue("@roleName", roleName);
                        cmd.Parameters.AddWithValue("@orderBack", "deny");
                        cmd.ExecuteNonQuery();
                    }

                    if (CheckBoxList2.Items[6].Selected == false)
                    {
                        SqlCommand cmd = new SqlCommand();
                        cmd.Connection = conn;
                        cmd.CommandText = "UPDATE [Authorization] SET MenuManagement=@menu WHERE role=@roleName";
                        cmd.Parameters.AddWithValue("@roleName", roleName);
                        cmd.Parameters.AddWithValue("@menu", "deny");
                        cmd.ExecuteNonQuery();
                    }

                    if (CheckBoxList2.Items[7].Selected == false)
                    {
                        SqlCommand cmd = new SqlCommand();
                        cmd.Connection = conn;
                        cmd.CommandText = "UPDATE [Authorization] SET Reporting=@report WHERE role=@roleName";
                        cmd.Parameters.AddWithValue("@roleName", roleName);
                        cmd.Parameters.AddWithValue("@report", "deny");
                        cmd.ExecuteNonQuery();
                    }

                    Response.Write("<script type=\"text/javascript\">alert('Role Successfully Updated!!');</script>");
                    ClearForm();
                }

            }
            

            conn.Close();

        }

        private static void UpdateRole(SqlConnection conn, string roleName)
        {
            SqlCommand cmd = new SqlCommand();
            cmd.Connection = conn;
            cmd.CommandText = "UPDATE Roles SET role@roleName";
            cmd.Parameters.AddWithValue("@roleName", roleName);
            cmd.ExecuteNonQuery();
        }

        protected void Button2_Click(object sender, EventArgs e)
        {
            ClearForm();
        }


    }
}